rewrite api/posts/delete to be more secure and add unit tests for it

git-svn-id: https://semanticscuttle.svn.sourceforge.net/svnroot/semanticscuttle/trunk@769 b3834d28-1941-0410-a4f8-b48e95affb8f
This commit is contained in:
cweiske 2010-09-28 22:14:31 +00:00
parent df8216d607
commit 22c9a01ee8
3 changed files with 62 additions and 28 deletions

View file

@ -177,6 +177,9 @@ class SemanticScuttle_Service_Bookmark extends SemanticScuttle_DbService
* DOES NOT RESPECT PRIVACY SETTINGS!
*
* @param string $address URL to get bookmarks for
* @param boolean $all Retrieve from all users (true)
* or only bookmarks owned by the current
* user (false)
*
* @return mixed Array with bookmark data or false in case
* of an error (i.e. not found).
@ -184,9 +187,9 @@ class SemanticScuttle_Service_Bookmark extends SemanticScuttle_DbService
* @uses getBookmarkByHash()
* @see getBookmarkByShortname()
*/
public function getBookmarkByAddress($address)
public function getBookmarkByAddress($address, $all = true)
{
return $this->getBookmarkByHash($this->getHash($address));
return $this->getBookmarkByHash($this->getHash($address), $all);
}
@ -196,15 +199,18 @@ class SemanticScuttle_Service_Bookmark extends SemanticScuttle_DbService
* DOES NOT RESPECT PRIVACY SETTINGS!
*
* @param string $hash URL hash
* @param boolean $all Retrieve from all users (true)
* or only bookmarks owned by the current
* user (false)
*
* @return mixed Array with bookmark data or false in case
* of an error (i.e. not found).
*
* @see getHash()
*/
public function getBookmarkByHash($hash)
public function getBookmarkByHash($hash, $all = true)
{
return $this->_getbookmark('bHash', $hash, true);
return $this->_getbookmark('bHash', $hash, $all);
}

View file

@ -202,8 +202,9 @@ class Api_PostsDeleteTest extends TestBaseApi
//send request
$res = $req->send();
//401 - unauthorized
$this->assertEquals(401, $res->getStatus());
//404 - user does not have that bookmark
$this->assertEquals(404, $res->getStatus());
//verify MIME content type
$this->assertEquals(
'text/xml; charset=utf-8',
@ -211,10 +212,10 @@ class Api_PostsDeleteTest extends TestBaseApi
);
//verify xml
$this->assertNotTag(
$this->assertTag(
array(
'tag' => 'result',
'attributes' => array('code' => 'done')
'attributes' => array('code' => 'something went wrong')
),
$res->getBody(),
'', false

View file

@ -1,33 +1,60 @@
<?php
// Implements the del.icio.us API request to delete a post.
// del.icio.us behavior:
// - returns "done" even if the bookmark doesn't exist;
// - does NOT allow the hash for the url parameter;
// - doesn't set the Content-Type to text/xml (we do).
/**
* API for deleting a bookmark.
* The delicious API is implemented here.
*
* The delicious API behaves like that:
* - returns "done" even if the bookmark doesn't exist
* - we do it correctly
* - does NOT allow the hash for the url parameter
* - doesn't set the Content-Type to text/xml
* - we do it correctly, too
*
* SemanticScuttle - your social bookmark manager.
*
* PHP version 5.
*
* @category Bookmarking
* @package SemanticScuttle
* @author Benjamin Huynh-Kim-Bang <mensonge@users.sourceforge.net>
* @author Christian Weiske <cweiske@cweiske.de>
* @author Eric Dane <ericdane@users.sourceforge.net>
* @license GPL http://www.gnu.org/licenses/gpl.html
* @link http://sourceforge.net/projects/semanticscuttle
*/
// Force HTTP authentication first!
$httpContentType = 'text/xml';
require_once 'httpauth.inc.php';
/* Service creation: only useful services are created */
$bookmarkservice =SemanticScuttle_Service_Factory::get('Bookmark');
$bs = SemanticScuttle_Service_Factory::get('Bookmark');
$uId = $userservice->getCurrentUserId();
// Note that del.icio.us only errors out if no URL was passed in; there's no error on attempting
// to delete a bookmark you don't have.
// Error out if there's no address
if (is_null($_REQUEST['url'])) {
if (!isset($_REQUEST['url'])
|| $_REQUEST['url'] == ''
) {
$deleted = false;
} else if (!$bs->bookmarkExists($_REQUEST['url'], $uId)) {
//the user does not have such a bookmark
// Note that del.icio.us only errors out if no URL was passed in;
// there's no error on attempting to delete a bookmark you don't have.
// this sucks, and I don't care about being different but correct here.
header('HTTP/1.0 404 Not Found');
$deleted = false;
} else {
$bookmark = $bookmarkservice->getBookmarkByAddress($_REQUEST['url']);
$bid = $bookmark['bId'];
$delete = $bookmarkservice->deleteBookmark($bid);
$deleted = true;
$bookmark = $bs->getBookmarkByAddress($_REQUEST['url'], false);
$bId = $bookmark['bId'];
$deleted = $bs->deleteBookmark($bId);
if (!$deleted) {
//something really went wrong
header('HTTP/1.0 500 Internal Server Error');
}
}
// Set up the XML file and output the result.
echo '<?xml version="1.0" standalone="yes" ?'.">\r\n";
echo '<result code="'. ($deleted ? 'done' : 'something went wrong') .'" />';
echo '<?xml version="1.0" standalone="yes" ?' . ">\r\n";
echo '<result code="' . ($deleted ? 'done' : 'something went wrong') . '" />';
?>